Weak File Permissions Vulnerability in ASUS System Control Interface 3 and AsusSwitch.exe

Weak File Permissions Vulnerability in ASUS System Control Interface 3 and AsusSwitch.exe

CVE-2022-36438 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0.

Learn more about our Web Application Penetration Testing UK.